-rwxr-xr-xconfig/snort/snort.xml2
-rwxr-xr-xconfig/snort/snort_alerts.php21
-rw-r--r--config/snort/snort_blocked.php8
-rw-r--r--config/snort/snort_ip_reputation.php8
-rw-r--r--config/snort/snort_iprep_list_browser.php4
-rw-r--r--config/squid/squid.inc81
-rw-r--r--pkg_config.10.xml2
-rw-r--r--pkg_config.8.xml2
8 files changed, 93 insertions, 35 deletions
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 612fbaa8..9d20a4ab 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -45,7 +45,7 @@
</copyright>
<description>Snort IDS/IPS Package</description>
<name>Snort</name>
- <version>3.2.8.1</version>
+ <version>3.2.8.2</version>
<title>Services: Snort IDS</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 3f3159a6..52fe0db3 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -188,7 +188,7 @@ if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
}
-if (empty($pconfig['alertnumber']))
+if (empty($pconfig['alertnumber']) || !is_numeric($pconfig['alertnumber']))
$pconfig['alertnumber'] = '250';
if (empty($pconfig['arefresh']))
$pconfig['arefresh'] = 'off';
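Review bot: `is_numeric()` is looser than this setting needs: it accepts signed values, decimals, exponent notation such as `1e3` and leading whitespace, while the value presumably ends up as the line count passed to `tail` in the @@ -625 hunk. A digits-only test fits better, e.g. `if (empty($pconfig['alertnumber']) || !ctype_digit((string)$pconfig['alertnumber']))`, or `filter_var()` with `FILTER_VALIDATE_INT` and a `min_range` of 1. The same applies to the `is_numeric($_POST['alertnumber'])` check in the next hunk and to both `blertnumber` checks in snort_blocked.php.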
@@ -242,12 +242,15 @@ if ($_POST['save']) {
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$config['installedpackages']['snortglobal']['alertsblocks'] = array();
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
- $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- write_config("Snort pkg: updated ALERTS tab settings.");
-
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ if (is_numeric($_POST['alertnumber'])) {
+ $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
+ write_config("Snort pkg: updated ALERTS tab settings.");
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
+ return;
+ } else {
+ $input_errors[] = gettext("Alert number must be numeric");
+ }
}
if ($_POST['todelete']) {
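Review bot: The `arefresh` assignment at the top of this block changes `$config` before `alertnumber` is validated, so on the error path the in-memory configuration already carries an edit that the user was told was rejected; any later `write_config()` in the same request would persist it. Moving the numeric test ahead of both assignments keeps the rejection all-or-nothing. The switch from `exit` to `return` after the `Location` header also deserves a comment: it only ends the request if this code runs at file scope of the main script, and the enclosing `if ($_POST['save'])` block opens outside the hunk, so that cannot be confirmed here.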
@@ -582,12 +585,12 @@ if ($savemsg) {
</tr>
<?php if ($filterlogentries) : ?>
<tr>
- <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?>&nbsp;&nbsp;
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), htmlspecialchars($anentries)); ?>&nbsp;&nbsp;
<?php echo gettext("(Most recent listed first) ** FILTERED VIEW ** clear filter to see all entries"); ?></td>
</tr>
<?php else: ?>
<tr>
- <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?>&nbsp;&nbsp;
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), htmlspecialchars($anentries)); ?>&nbsp;&nbsp;
<?php echo gettext("(Most recent entries are listed first)"); ?></td>
</tr>
<?php endif; ?>
@@ -625,7 +628,7 @@ if ($savemsg) {
/* make sure alert file exists */
if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > {$g['tmp_path']}/alert_{$snort_uuid}");
+ exec("tail -n" . escapeshellarg($anentries) . " -r " . escapeshellarg("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert") . " > " . escapeshellarg("{$g['tmp_path']}/alert_{$snort_uuid}"));
if (file_exists("{$g['tmp_path']}/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
$counter = 0;
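Review bot: The result of `exec()` is not checked, and because the shell creates the redirect target before `tail` runs, the `file_exists()` test on the following line succeeds even when `tail` fails or rejects the count. Capture the exit status and test it, e.g. `exec($cmd, $out, $rc);` with the command string held in `$cmd`, followed by `if ($rc === 0 && file_exists("{$g['tmp_path']}/alert_{$snort_uuid}")) {`. Casting the count where it is used (`(int)$anentries`) would also make the command independent of how `$anentries` was validated, which is not visible in this hunk.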
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 39119210..055497d9 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -46,7 +46,7 @@ if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
-if (empty($pconfig['blertnumber']))
+if (empty($pconfig['blertnumber']) || !is_numeric($pconfig['blertnumber']))
$bnentries = '500';
else
$bnentries = $pconfig['blertnumber'];
@@ -130,6 +130,10 @@ if ($_POST['download'])
if ($_POST['save'])
{
+ if (!is_numeric($_POST['blertnumber'])) {
+ $input_errors[] = gettext("Alert number must be numeric");
+ }
+
/* no errors */
if (!$input_errors) {
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
@@ -219,7 +223,7 @@ if ($savemsg) {
</td>
</tr>
<tr>
- <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Hosts Blocked by Snort"), $bnentries); ?></td>
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Hosts Blocked by Snort"), htmlspecialchars($bnentries)); ?></td>
</tr>
<tr>
<td colspan="2">
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index c190b0e6..58098fe2 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -78,7 +78,7 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
// See if the file is already assigned to the interface
foreach ($a_nat[$id]['blist_files']['item'] as $f) {
if ($f == basename($_POST['iplist'])) {
- $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file.");
+ $input_errors[] = sprintf(gettext("The file %s is already assigned as a blacklist file."), htmlspecialchars($f));
break;
}
}
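Review bot: Calling `htmlspecialchars()` while the message is being built ties the stored string to one output context; how `$input_errors` is rendered is not visible in this hunk, so if the renderer already escapes its entries the file name will show up double-encoded, and if it does not, every other entry in the array is still printed raw. Escaping once, where the array is written to the page, avoids both outcomes; if that is not possible here, a comment such as `// escaped here because the error renderer prints entries verbatim` would record the assumption. The same pattern is used in the three other hunks of this file (the "could not be found" messages and the whitelist duplicate check). The move from an interpolated `gettext()` string to `sprintf(gettext(...))` is a good change, since the translatable string is now constant.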
@@ -89,7 +89,7 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
}
}
else
- $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+ $input_errors[] = sprintf(gettext("The file '%s' could not be found."), htmlspecialchars($_POST['iplist']));
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
@@ -103,7 +103,7 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
// See if the file is already assigned to the interface
foreach ($a_nat[$id]['wlist_files']['item'] as $f) {
if ($f == basename($_POST['iplist'])) {
- $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ $input_errors[] = sprintf(gettext("The file %s is already assigned as a whitelist file."), htmlspecialchars($f));
break;
}
}
@@ -114,7 +114,7 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
}
}
else
- $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+ $input_errors[] = sprintf(gettext("The file '%s' could not be found."), htmlspecialchars($_POST['iplist']));
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
index a13a2d37..42f1d595 100644
--- a/config/snort/snort_iprep_list_browser.php
+++ b/config/snort/snort_iprep_list_browser.php
@@ -83,9 +83,9 @@ foreach($files as $file):
<td></td>
<td class="fbFile vexpl" id="<?=$fqpn;?>" align="left">
<?php $filename = str_replace("//","/", "{$path}/{$file}"); ?>
- <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();">
+ <div onClick="$('<?=$target;?>').value='<?=htmlspecialchars($filename)?>'; $('<?=$container;?>').hide();">
<img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title="">
- &nbsp;<?=$file;?>
+ &nbsp;<?=htmlspecialchars($file);?>
</div>
</td>
<td align="right" class="vexpl">
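Review bot: `htmlspecialchars($filename)` is the wrong encoder for this spot: the value sits inside a single-quoted JavaScript string within the `onClick` attribute, and the browser decodes HTML entities in the attribute before the script is parsed, so a quote or backslash in a file name still ends the string literal. Encode for JavaScript first and for the attribute second, e.g. `.value=<?=htmlspecialchars(json_encode($filename), ENT_QUOTES)?>;` with the surrounding single quotes dropped. `$target`, `$container`, `$fqpn` and `$type` are still echoed raw on the unchanged lines; where they come from is outside the hunk, so they should be checked the same way. The `htmlspecialchars($file)` added on the text node is appropriate for that context.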
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index 4cfb9af8..fc62a587 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -552,24 +552,75 @@ function squid_install_cron($should_install) {
return;
}
- parse_config(true);
+ $rotate_is_installed = false;
+ $swapstate_is_installed = false;
+ if(!$config['cron']['item'])
+ return;
+ $settings = $config['installedpackages']['squidcache']['config'][0];
- if (is_array($config['installedpackages']['squidcache'])) {
- $settings = $config['installedpackages']['squidcache']['config'][0];
- } else {
- $settings = array();
- }
- $cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
- $cron_cmd = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate";
- $swapstate_cmd = "/usr/local/pkg/swapstate_check.php";
+ $x=0;
+ $rotate_job_id=-1;
+ $swapstate_job_id=-1;
- if ($should_install) {
- install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root");
- install_cron_job("{$swapstate_cmd}", true, "*/15");
- } else {
- install_cron_job("{$cron_cmd}", false);
- install_cron_job("{$swapstate_cmd}", false);
+ foreach($config['cron']['item'] as $item) {
+ if(strstr($item['task_name'], "squid_rotate_logs")) {
+ $rotate_job_id = $x;
+ } elseif(strstr($item['task_name'], "squid_check_swapstate")) {
+ $swapstate_job_id = $x;
+ }
+ $x++;
+ }
+ $need_write = false;
+ switch($should_install) {
+ case true:
+ $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
+ if($rotate_job_id < 0) {
+ $cron_item = array();
+ $cron_item['task_name'] = "squid_rotate_logs";
+ $cron_item['minute'] = "0";
+ $cron_item['hour'] = "0";
+ $cron_item['mday'] = "*";
+ $cron_item['month'] = "*";
+ $cron_item['wday'] = "*";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate";
+ $config['cron']['item'][] = $cron_item;
+ $need_write = true;
+ }
+ if($swapstate_job_id < 0) {
+ $cron_item = array();
+ $cron_item['task_name'] = "squid_check_swapstate";
+ $cron_item['minute'] = "*/15";
+ $cron_item['hour'] = "*";
+ $cron_item['mday'] = "*";
+ $cron_item['month'] = "*";
+ $cron_item['wday'] = "*";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/local/pkg/swapstate_check.php";
+ $config['cron']['item'][] = $cron_item;
+ $need_write = true;
+ }
+ if ($need_write) {
+ parse_config(true);
+ write_config("Adding Squid Cron Jobs");
+ }
+ break;
+ case false:
+ if($rotate_job_id >= 0) {
+ unset($config['cron']['item'][$rotate_job_id]);
+ $need_write = true;
+ }
+ if($swapstate_job_id >= 0) {
+ unset($config['cron']['item'][$swapstate_job_id]);
+ $need_write = true;
+ }
+ if ($need_write) {
+ parse_config(true);
+ write_config("Removing Squid Cron Jobs");
+ }
+ break;
}
+ configure_cron();
}
function squid_resync_general() {
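Review bot: The `command` string for `squid_rotate_logs` interpolates `$cachedir` unquoted into a line that cron runs as root (`/bin/rm {$cachedir}/swap.state; ...`); the value comes from `harddisk_cache_location` in the package settings, and its validation is not visible in this hunk. Quote it where the command is built: `$cron_item['command'] = "/bin/rm " . escapeshellarg("{$cachedir}/swap.state") . "; " . SQUID_LOCALBASE . "/sbin/squid -k rotate";`. Separately, `parse_config(true)` is called after `$config` has been edited and its return value is discarded; if that call reloads the global from disk, the pending cron changes would be lost before `write_config()`, so the ordering should be checked. The function opens outside the hunk, so whether `$config` is declared `global` cannot be seen here.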
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 72150b17..b4f5519f 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -395,7 +395,7 @@
</build_pbi>
<build_options>barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA</build_options>
<config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file>
- <version>3.2.8.1</version>
+ <version>3.2.8.2</version>
<required_version>2.2</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index a0dcec6a..51148f48 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1110,7 +1110,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9 pkg v.4.3.10</version>
+ <version>2.7.9 pkg v.4.3.11</version>
<status>Stable</status>
<required_version>2</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>